News & Announcements User Community Developer Community

Welcome to the RingCentral Community

Please note the community is currently under maintenance and is read-only.

Make sure to review our Terms of Use and Community Guidelines.
  Please note the community is currently under maintenance and is read-only.
Home » Developers
Difference in oauth2 implementation for ring central
Tags: authentication, oauth2
Dec 13, 2020 at 3:30pm   •   2 replies  •  0 likes
John Borelli

Hi, api wizards!

I've worked with OAuth2 to facilitate authentication with dozens of api's in PHP (ver 5.2 through 7.3), however, there seem to be some differences with how RingCentral uses OAuth and I'm struggling to get authentication to work.

  • I can't seem to identify how to specify permissions. Normally they're expressly listed in the authorize call. Are they implied by the user credentials in this case or am I missing how to set that request?
  • API docs give a longer than usual list of parameters as form data parameters but specify that the auth request is to be a GET action, no POST parameters I'm confused by that.
  • One of my attempts in Postman returned the message, "No redirect uri is registered for the client". Is there a place that the uri might be specified first (before the auth call, possibly in the app...sandbox in this case) and I'm missing it?
  • Speaking of Postman, it would be much easier if someone had, or could share, the configuration in Postman for the auth leg. I'm sure the token request and refresh cycles won't be a problem from there...I just have to work out the auth leg and a Postman config would really simplify that...if so, THANK YOU!!!

Thanks in advance for all advice and/or help!

2 Answers
answered on Dec 14, 2020 at 5:04pm  


Thank you so much! This answers a lot and the thorough explanation is very helpful. One question about the 'password flow' then, because I think (it sounds like) I may have been getting docs mixed up between that and the three legged course.

For this integration anyway, it's for one specific app and only them, and it's only going to be for basic contact details to push into Infusionsoft (CRM/Marketing SaaS). So it sounds like I can just use that approach without any concern...or is there something I might be missing?

Thanks so much again, you're awesome!

on Dec 15, 2020 at 1:51am   •  0 likes

Password flows are easy to implement. The application required user's credentials and the whole process can be done in single steps and very useful in private applications used with an organisation.

However for public application outside the organisation where there will be large number of users involved example web application or public webservice, Authorization flows are considered to be more secure as it will grant permission to user's account each time without exchanging user's credentials with 3rd party.

Which kind of Oauth grant type is suitable, you can check here:

answered on Dec 14, 2020 at 12:42am  

Let me try to provide you details by breaking it down.

For Authorization your application needs to define the authentication type.

For example, if your application supports Password flow type authentication, you can easily get the access token in a single oauth call.

url:  (in case of dev) 

Method: POST 

Body: username=+<your phone number>&password=<your password>&extension=101&grant_type=password

In response you will get the access_token and can use that to call all RingCentral APIs

If your application supports Authorization code which is also referred to as a "3-legged authorization flow"

You have to get the access_token in 2-3 steps

url:<your callback url>&client_id=<your client id>&display=page&prompt=

Now if for example your callback or redirect uri is then

then your Authorization flow first step will be:

url:<your client id>&display=page&prompt= 

Method: GET

Now this redirect uri should be also mentioned in your application in OAuth Redirect uri


Note: you can give any url you like, but it should be same here in the application config as well in Authorization flow url redirect_uri

"No redirect uri is registered for the client" can comes if the API dont find the same redirect uri in application defined.

Once you hit the Authorization flow url with GET method (in browser), the API will take you to the Authorization page view permission. You can see the permission which you mentioned in your question "I can't seem to identify how to specify permissions. "

You need to Authorize the application and browser is then redirected to the "Redirect URI" you’ve provided in the request. Some thing like this:<Your code>

Once you get this code in url, you can use this code to exchange access_token in next API call as below:


Method: POST 

Body: client_id=<your client id>&code=<the code you got in previous step in browser> &redirect_uri=

And now you will get your access token

Your question on "API docs give a longer than usual list of parameters as form data parameters but specify that the auth request is to be a GET action, no POST parameters allowed. "

I have mentioned the steps, url and their method GET/POST. Hope you can now able to resolve any issue you are getting


A new Community is coming to RingCentral!

Posts are currently read-only as we transition into our new platform.

We thank you for your patience
during this downtime.

Try Workflow Builder

Did you know you can easily automate tasks like responding to SMS, team messages, and more? Plus it's included with RingCentral Video and RingEX plans!

Try RingCentral Workflow Builder

Developer Platform
Integrated Apps
App Gallery
Developer support
Games and rewards

Resource center
Product Releases
App Download
RingCentral App login
Admin Portal Login
Contact Sales
© 1999-2024 RingCentral, Inc. All rights reserved. Legal Privacy Notice Site Map Contact Us